Dealing with spaces in LDAP URIs used with Apache
I had an Apache web server that I wanted to configure to use LDAP authentication for
controlling access to some pages. The LDAP directory already existed, in the form
of the company's Active Directory. Unfortunately, the company's two-word name was
part of the URI. This was not difficult to deal with when using command-line tools
such as ldapsearch, because the DN could be placed in quotes. But this syntax doesn't
work in Apache's httpd.conf. The key turned out to be using %20 to represent the space
between the two words, like so:
ldap_uri: ldap://activdir.example.edu:389/ou=All%20Users,dc=win,dc=example,dc=edu??sub?(uid=%s)?x-BindDN=bindid,x-Password=password
This syntax was used in section 2.5.1 in a document on PubCookie which also looks
very interesting. Here's the complete LDAP section of httpd.conf:
AuthLDAPAuthoritative on
AuthLDAPEnabled on
AuthType Basic
AuthName "Restricted Area"
AuthLDAPBindDN "cn=Recipients,ou=Edina,o=Acme Manufacturing"
AuthLDAPURL ldap://mnmtkex6:389/dc=Acme%20Manufacturing?sAMAccountName?sub?(objectclass=*)
Require valid-user
I must point out, however, that using the above code, I could not get LDAP authentication from AD to work. When
I pointed it at a Sun LDAP server, it worked fine.
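The %20 escaping above is one case of the percent-encoding that an LDAP URL (RFC 4516) needs for every character that cannot appear raw in one of its fields. The following Python sketch is an added example, not part of the original post or of Apache: it builds the AuthLDAPURL value from unencoded parts and decodes it again, and the function names build_ldap_url and parse_ldap_url are hypothetical.

```python
from urllib.parse import quote, unquote

# Added example; helper names are hypothetical, sample values come from the post.
# RFC 4516 layout: ldap://host:port/basedn?attributes?scope?filter
DN_SAFE = "=,"            # DN separators stay literal
FILTER_SAFE = "()=*&|!"   # filter syntax stays literal


def build_ldap_url(host, port, base_dn, attribute, scope="sub",
                   ldap_filter="(objectClass=*)"):
    """Percent-encode each component, then join with '/' and '?'."""
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"invalid scope: {scope!r}")
    return "ldap://{}:{}/{}?{}?{}?{}".format(
        host, port,
        quote(base_dn, safe=DN_SAFE),      # space -> %20, '?' -> %3F
        quote(attribute, safe=","),
        scope,
        quote(ldap_filter, safe=FILTER_SAFE),
    )


def parse_ldap_url(url):
    """Split an LDAP URL into decoded components; reject raw whitespace."""
    if any(ch.isspace() for ch in url):
        raise ValueError("raw whitespace in URL; encode spaces as %20")
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("not an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    parts = tail.split("?") + [""] * 4     # pad omitted trailing fields
    names = ("base_dn", "attributes", "scope", "filter")
    # Split on '?' first, decode second, so an encoded %3F cannot split a field.
    fields = {n: unquote(p) for n, p in zip(names, parts)}
    fields["hostport"] = hostport
    return fields


if __name__ == "__main__":
    url = build_ldap_url("mnmtkex6", 389, "dc=Acme Manufacturing",
                         "sAMAccountName", "sub", "(objectclass=*)")
    print("AuthLDAPURL", url)
    print(parse_ldap_url(url))
```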
Special thanks to my friend Pete Palmer for finding the answer about the spaces for me.
04/15/2005